Posted to commits@hive.apache.org by ng...@apache.org on 2022/02/03 11:17:57 UTC

[hive] branch master updated: HIVE-25875: Hive support for parallel authentication types LDAP/SAML in http mode (Saihemanth Gantasala reviewed by Naveen Gangam)

This is an automated email from the ASF dual-hosted git repository.

ngangam pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new b975e47  HIVE-25875: Hive support for parallel authentication types LDAP/SAML in http mode (Saihemanth Gantasala reviewed by Naveen Gangam)
b975e47 is described below

commit b975e47209fb188d047fa23aeaac058ae28fd393
Author: saihemanth <sa...@cloudera.com>
AuthorDate: Wed Jan 19 23:46:21 2022 +0530

    HIVE-25875: Hive support for parallel authentication types LDAP/SAML in http mode (Saihemanth Gantasala reviewed by Naveen Gangam)
---
 .../hive/service/auth/AuthenticationProviderFactory.java       |  2 +-
 .../java/org/apache/hive/service/auth/saml/HiveSamlUtils.java  |  2 +-
 .../org/apache/hive/service/cli/thrift/ThriftHttpServlet.java  | 10 +++++++---
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java b/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java
index c820b1a..063091c 100644
--- a/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java
+++ b/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java
@@ -52,7 +52,7 @@ public final class AuthenticationProviderFactory {
     public static AuthMethods getValidAuthMethod(String authMethodStr)
       throws AuthenticationException {
       for (AuthMethods auth : AuthMethods.values()) {
-        if (authMethodStr.equals(auth.getAuthMethod())) {
+        if (authMethodStr.toLowerCase().contains(auth.getAuthMethod().toLowerCase())) {
           return auth;
         }
       }
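Review bot: Matching with `contains` makes `getValidAuthMethod` accept any string that merely embeds a method name, and for a multi-valued setting it returns whichever `AuthMethods` constant comes first in enum order rather than the one the caller meant. A misspelled or concatenated value is therefore no longer rejected (the method is declared to throw AuthenticationException, presumably for that case) and instead silently selects a provider. The same substring test is introduced in `HiveSamlUtils.isSamlAuthMode` and in the two NOSASL checks in ThriftHttpServlet, where any configured value that happens to contain `nosasl` would skip cookie generation and password validation. Consider splitting the configured value into tokens once, on whatever separator the setting uses, and comparing each token exactly, e.g. `if (token.trim().equalsIgnoreCase(auth.getAuthMethod()))`, so that unknown names keep failing closed.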
diff --git a/service/src/java/org/apache/hive/service/auth/saml/HiveSamlUtils.java b/service/src/java/org/apache/hive/service/auth/saml/HiveSamlUtils.java
index 748d70d..ae01251 100644
--- a/service/src/java/org/apache/hive/service/auth/saml/HiveSamlUtils.java
+++ b/service/src/java/org/apache/hive/service/auth/saml/HiveSamlUtils.java
@@ -36,7 +36,7 @@ public class HiveSamlUtils {
   public static final String MESSAGE_KEY = "message";
 
   public static boolean isSamlAuthMode(String authType) {
-    return authType.equalsIgnoreCase(HiveAuthConstants.AuthTypes.SAML.toString());
+    return authType.toLowerCase().contains(HiveAuthConstants.AuthTypes.SAML.toString().toLowerCase());
   }
 
   /**
diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
index 20274ff..61832f0 100644
--- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
+++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
@@ -214,9 +214,13 @@ public class ThriftHttpServlet extends TServlet {
             }
           } else if (HiveSamlUtils.isSamlAuthMode(authType)) {
             // check if this request needs a SAML redirect
-            if (needsRedirect(request, response)) {
+            String authHeader = request.getHeader(HttpAuthUtils.AUTHORIZATION);
+            if ((authHeader == null || authHeader.isEmpty()) && needsRedirect(request, response)) {
               doSamlRedirect(request, response);
               return;
+            } else if(authHeader.toLowerCase().startsWith(HttpAuthUtils.BASIC.toLowerCase())) {
+              //LDAP Authentication if the header starts with Basic
+              clientUserName = doPasswdAuth(request, HiveAuthConstants.AuthTypes.NONE.toString());
             } else {
               // redirect is not needed. Do SAML auth.
               clientUserName = doSamlAuth(request, response);
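Review bot: The new Basic branch calls `doPasswdAuth` with `AuthTypes.NONE`, so the supplied password is checked by whatever provider NONE resolves to rather than by LDAP as the comment says; if that provider accepts any credentials (not visible in this hunk), a request with a Basic header would be authenticated as the claimed user whenever SAML mode is on. The branch is also reached for every configuration that satisfies `isSamlAuthMode`, including ones where LDAP was never enabled. Separately, when `authHeader` is null and `needsRedirect` returns false, control falls through to `authHeader.toLowerCase()` and throws a NullPointerException. I would guard the branch as `} else if (authHeader != null && ldapConfigured && authHeader.regionMatches(true, 0, HttpAuthUtils.BASIC, 0, HttpAuthUtils.BASIC.length())) {` and pass `HiveAuthConstants.AuthTypes.LDAP.toString()` to `doPasswdAuth`, where `ldapConfigured` is a placeholder for a check of the configured auth types. The enclosing method starts and ends outside the hunk.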
@@ -247,7 +251,7 @@ public class ThriftHttpServlet extends TServlet {
 
       // Generate new cookie and add it to the response
       if (requireNewCookie &&
-          !authType.equalsIgnoreCase(HiveAuthConstants.AuthTypes.NOSASL.toString())) {
+          !authType.toLowerCase().contains(HiveAuthConstants.AuthTypes.NOSASL.toString().toLowerCase())) {
         String cookieToken = HttpAuthUtils.createCookieToken(clientUserName);
         Cookie hs2Cookie = createCookie(signer.signCookie(cookieToken));
 
@@ -508,7 +512,7 @@ public class ThriftHttpServlet extends TServlet {
       throws HttpAuthenticationException {
     String userName = getUsername(request, authType);
     // No-op when authType is NOSASL
-    if (!authType.equalsIgnoreCase(HiveAuthConstants.AuthTypes.NOSASL.toString())) {
+    if (!authType.toLowerCase().contains(HiveAuthConstants.AuthTypes.NOSASL.toString().toLowerCase())) {
       try {
         AuthMethods authMethod = AuthMethods.getValidAuthMethod(authType);
         PasswdAuthenticationProvider provider =